Cisco ASA/FTD via AMA (Preview) connector for Microsoft Sentinel
The Cisco ASA/FTD connector forwards Cisco ASA and FTD syslog to Microsoft Sentinel through the Azure Monitor Agent (AMA) on a Linux log forwarder, so you can view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | CommonSecurityLog |
| Data collection rules support | Azure Monitor Agent DCR |
| Supported by | Microsoft Corporation |
Query samples
All logs
```kusto
CommonSecurityLog
| where DeviceVendor == "Cisco"
| where DeviceProduct in ("ASA", "FTD")
| extend ingestion_time = bin(TimeGenerated, 1m)
| join kind=inner (Heartbeat
| where Category == "Azure Monitor Agent"
| project TimeGenerated, _ResourceId
| summarize by _ResourceId, ingestion_time = bin(TimeGenerated, 1m)) on _ResourceId, ingestion_time
| project-away _ResourceId1, ingestion_time, ingestion_time1
| sort by TimeGenerated
```
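The sample query does two things that are easy to miss when reading KQL: it keeps only rows whose `DeviceVendor`/`DeviceProduct` identify an ASA or FTD device, and the `kind=inner` join against `Heartbeat` silently discards any row from a forwarder whose Azure Monitor Agent did not send a heartbeat in the same one-minute bin. The following Python block is an added example, not code from the connector, the Azure-Sentinel repository or Microsoft: it parses constructed Cisco ASA/FTD syslog lines into CommonSecurityLog-shaped rows and then applies the same filter-and-join logic so you can see which rows survive and why. The `%ASA-<severity>-<message-id>` / `%FTD-<severity>-<message-id>` header is the documented Cisco syslog format, but the mapping of those fields onto CommonSecurityLog columns, the forwarder resource IDs and the heartbeat rows are assumptions made for this example.

```python
"""Cisco ASA/FTD syslog -> CommonSecurityLog-shaped rows, then the sample
query's vendor/product filter and per-minute Heartbeat join in plain Python.

Added example, not code from the connector, the Azure-Sentinel repository or
Microsoft. The log lines, forwarder _ResourceId values and Heartbeat rows are
constructed; the column mapping is an assumption based on the
%ASA-<sev>-<id>: / %FTD-<sev>-<id>: syslog header.
"""
import re
from datetime import datetime, timezone

# Every ASA/FTD syslog message starts with %<product>-<severity>-<6-digit id>:
HEADER_RE = re.compile(
    r"%(?P<product>ASA|FTD)-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<msg>.*)$"
)


def parse_cisco_syslog(line, time_generated, resource_id):
    """Return a CommonSecurityLog-like row for an ASA/FTD line, else None.

    time_generated and resource_id stand in for what the agent attaches
    (TimeGenerated and the forwarder's _ResourceId)."""
    m = HEADER_RE.search(line)
    if m is None:
        return None  # not an ASA/FTD message, so it would not match the query
    return {
        "TimeGenerated": time_generated,
        "_ResourceId": resource_id,
        "DeviceVendor": "Cisco",
        "DeviceProduct": m.group("product"),
        "DeviceEventClassID": m.group("msgid"),
        "LogSeverity": int(m.group("sev")),
        "Message": m.group("msg"),
    }


def bin_minute(ts):
    """KQL bin(TimeGenerated, 1m): truncate to the start of the minute."""
    return ts.replace(second=0, microsecond=0)


def cisco_rows_with_live_agent(rows, heartbeats):
    """Mirror of the sample query: Cisco ASA/FTD rows inner-joined to the set
    of (_ResourceId, minute) pairs in which the Azure Monitor Agent on that
    forwarder sent a Heartbeat. Rows from a forwarder with no AMA heartbeat in
    that minute are dropped, exactly as kind=inner does."""
    alive = {
        (hb["_ResourceId"], bin_minute(hb["TimeGenerated"]))
        for hb in heartbeats
        if hb["Category"] == "Azure Monitor Agent"
    }
    kept = [
        r for r in rows
        if r["DeviceVendor"] == "Cisco"
        and r["DeviceProduct"] in ("ASA", "FTD")
        and (r["_ResourceId"], bin_minute(r["TimeGenerated"])) in alive
    ]
    return sorted(kept, key=lambda r: r["TimeGenerated"])


def _t(hh, mm, ss):
    return datetime(2024, 1, 10, hh, mm, ss, tzinfo=timezone.utc)


# Constructed sample: (syslog line, TimeGenerated, forwarder _ResourceId).
SAMPLE_LINES = [
    ("Jan 10 10:00:05 fw1 %ASA-6-302013: Built outbound TCP connection 1234 "
     "for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.0.0.5/51234 "
     "(10.0.0.5/51234)", _t(10, 0, 5), "/subscriptions/x/forwarder-a"),
    ("Jan 10 10:00:07 fw2 %FTD-4-106023: Deny tcp src outside:198.51.100.7/4444 "
     "dst inside:10.0.0.9/22 by access-group \"OUTSIDE_IN\"", _t(10, 0, 7),
     "/subscriptions/x/forwarder-b"),
    ("Jan 10 10:01:02 fw1 %ASA-4-106023: Deny udp src outside:198.51.100.7/53 "
     "dst inside:10.0.0.5/53 by access-group \"OUTSIDE_IN\"", _t(10, 1, 2),
     "/subscriptions/x/forwarder-a"),
    ("Jan 10 10:00:09 host1 sshd[4242]: Accepted publickey for ops from 10.0.0.5",
     _t(10, 0, 9), "/subscriptions/x/forwarder-a"),
]

# Constructed Heartbeat rows: forwarder-a heartbeats only in the 10:00 minute;
# forwarder-b's heartbeat has a different Category and must not count.
SAMPLE_HEARTBEATS = [
    {"TimeGenerated": _t(10, 0, 30), "_ResourceId": "/subscriptions/x/forwarder-a",
     "Category": "Azure Monitor Agent"},
    {"TimeGenerated": _t(10, 0, 45), "_ResourceId": "/subscriptions/x/forwarder-b",
     "Category": "Direct Agent"},
]


def run_example():
    """Parse the sample, apply the query logic, return the surviving rows."""
    rows = [parse_cisco_syslog(l, ts, rid) for l, ts, rid in SAMPLE_LINES]
    rows = [r for r in rows if r is not None]
    return cisco_rows_with_live_agent(rows, SAMPLE_HEARTBEATS)


if __name__ == "__main__":
    for r in run_example():
        print(r["TimeGenerated"].isoformat(), r["DeviceProduct"],
              r["DeviceEventClassID"], r["Message"][:40])
```

Only the first ASA row survives: the FTD row comes from a forwarder whose heartbeat is not an AMA heartbeat, and the 10:01 ASA row falls in a minute with no heartbeat at all. When the query returns fewer rows than you expect, check the Heartbeat side first; a forwarder that has stopped heartbeating makes its firewall events disappear from this query even though they are still in CommonSecurityLog.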
Prerequisites
To integrate with Cisco ASA/FTD via AMA (Preview), make sure you have:
- For non-Azure machines: the machine that runs the agent must have Azure Arc installed and enabled before it can be attached to a data collection rule.
Vendor installation instructions
Enable data collection rule
Cisco ASA/FTD event logs are collected only through the Azure Monitor Agent on Linux machines.
Run the following command on the Linux forwarder to install and apply the Cisco ASA/FTD collector:
```bash
sudo wget -O Forwarder_AMA_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Forwarder_AMA_installer.py && sudo python Forwarder_AMA_installer.py
```
The command downloads the installer script from the Azure-Sentinel GitHub repository and runs it as root; review the downloaded script before executing it on a production forwarder.